Help with storing/remembering passwords
Everywhere you go on the web today, it seems like you have to have an account with a username and password. You could use one username and password for everything,
but then if someone gets that one username and password, you could be in for a world of BIG hurt!
Security is important, but not always easy. How should someone keep track of multiple usernames and multiple passwords. Here are a few methods that work
with a limited amount of security:
The following list is not intended to be comprehensive, just an indication of some simple techniques used.
- Write down all account info on a sheet of paper and keep it in your wallet. This assumes you always have your wallet with you when you need the info. But,
if someone can get that paper, then all your accounts could be compromised.
- Like the previous method, but only the passwords are listed without any other info, like username or where the passwords are used. This only makes it a little harder
on the thief, as your passwords are still listed in plain-text and a thief could try each password until one the correct one is found.
- Using either of the previous methods, but you only list part of the password, or use easy ciphers or encrypt it in a way only you might know. For example, if a
password is "strongBad01" your list shows "sb1" or "tuspohCbe12" (using substitution ciper, each character was substituted with the following
character, a is b, b is c, etc...). This is better, as it makes it harder on the thief to figure out the passwords, but a smart thief can figure out simple ciphers.
- Using your computer, you could use any of the methods above and save it as a plain-text file, an encrypted text file, or some other propietary format. As long as you
don't use a filename like, passwords.txt, pw.txt or something similar, then it might be a little harder for someone to find your password file. But a file on one
computer is only convenient when you are using that computer. To get around that, you would have to:
- Copy the file to each computer you use. Files could get out of sync unless you synchronize all copies after modifying.
- Place the file on removable media and only use it from the removable media. If the removable media is lost or damaged, all your passwords are lost.
- Combine the two previous methods, use the removable media to make and synchronize the file on multiple computers. This is a better plan, but if your password
file is not encrypted well, then if someone gets your removable media, then again, the thief will have access to all your accounts.
- Use a specific password tool that itself is password protected and uses strong encryption. This way you only need to remember one username and
one password and then you can access any number of other accounts and passwords. I highly recommend KeePass, it
is free, open-source and easy to use. Check out the website for more info, screenshots and downloads for many different Operating Systems and devices.
There are, of course, many other options that will improve security and/or convenience, but usually require a lot more work. For instance, if you know how to setup a website
and have the ability and facilities to do so, you could setup a secure website that stores all your passwords in an online database. Then, no matter where you go, as long as
you have internet access, you can access your account info.
Tip! Always use strong passwords. Strong passwords use the following rules:
- Length of password is at least 8 characters long.
- Password is not a word in any dictionary.
- Use a mix of upper- and lower-case letters.
- Use a mix of letters and numbers.
- For additional security, use non-alpha-numeric characters such as ! @ # $ % ^ & * ( ) { } [ ] ".
Well, that's all for now. And remember to use a strong password.
Last revised: February 11, 2015 13:48